commit f8c830205feaf0868ab3d563abe79e1aafcf4604 Author: Damian Johnson atagar@torproject.org Date: Wed Apr 10 10:59:49 2019 -0700
Note ed25519 improvement in the changelog
Yikes. Illia's patch is phenomenal, really the only thing worth adding is the changelog entry. --- docs/change_log.rst | 1 + stem/descriptor/certificate.py | 5 +++-- stem/prereq.py | 12 +++++++----- test/settings.cfg | 1 + 4 files changed, 12 insertions(+), 7 deletions(-)
diff --git a/docs/change_log.rst b/docs/change_log.rst
index f188c885..c647c001 100644
--- a/docs/change_log.rst
+++ b/docs/change_log.rst
@@ -56,6 +56,7 @@ The following are only available within Stem's `git repository
 * **Descriptors**
* `Bandwidth file support <api/descriptor/bandwidth_file.html>`_ (:trac:`29056`)
+ * Ed25519 validity checks are now done though the cryptography module rather than PyNaCl (:trac:`22022`)
 * Download compressed descriptors by default (:trac:`29186`)
 * Added :func:`stem.descriptor.remote.get_microdescriptors`
 * Added :class:`~stem.descriptor.networkstatus.DetachedSignature` parsing (:trac:`28495`)
diff --git a/stem/descriptor/certificate.py b/stem/descriptor/certificate.py
index 2f62e889..449e106c 100644
--- a/stem/descriptor/certificate.py
+++ b/stem/descriptor/certificate.py
@@ -224,11 +224,12 @@ class Ed25519CertificateV1(Ed25519Certificate):
:raises:
 * **ValueError** if signing key or descriptor are invalid
- * **ImportError** if cryptography module is unavailable or ed25519 is not supported
+ * **ImportError** if cryptography module is unavailable or ed25519 is
+ unsupported
 """
if not stem.prereq._is_crypto_ed25519_supported():
- raise ImportError('Certificate validation requires the cryptography module and support of ed25519')
+ raise ImportError('Certificate validation requires the cryptography module and ed25519 support')
from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PublicKey
 from cryptography.exceptions import InvalidSignature
diff --git a/stem/prereq.py b/stem/prereq.py
index c2b546dc..1e4450c7 100644
--- a/stem/prereq.py
+++ b/stem/prereq.py
@@ -29,7 +29,7 @@ import sys
 CRYPTO_UNAVAILABLE = "Unable to import the cryptography module. Because of this we'll be unable to verify descriptor signature integrity. You can get cryptography from: https://pypi.python.org/pypi/cryptography"
 ZSTD_UNAVAILABLE = 'ZSTD compression requires the zstandard module (https://pypi.python.org/pypi/zstandard)'
 LZMA_UNAVAILABLE = 'LZMA compression requires the lzma module (https://docs.python.org/3/library/lzma.html)'
-ED25519_UNSUPPORTED = "Unable to verify descriptor ed25519 certificate integrity. ed25519 is not supported by installed versions of OpenSSL and/or cryptography"
+ED25519_UNSUPPORTED = 'Unable to verify descriptor ed25519 certificate integrity. ed25519 is not supported by installed versions of OpenSSL and/or cryptography'
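Review bot: The `:raises:` entry in the certificate.py hunk documents ImportError but not what a caller should conclude from it. When `stem.prereq._is_crypto_ed25519_supported()` is False the method raises before the `Ed25519PublicKey` import and any signature check, so the certificate is unverified rather than invalid. A caller that treats ImportError as "optional dependency missing" and carries on would be accepting an unchecked certificate. I would extend the docstring entry to `* **ImportError** if cryptography module is unavailable or ed25519 is unsupported (no validation was performed)`. The method's signature and the rest of its body are outside the hunk.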
def check_requirements():
@@ -248,13 +248,15 @@ def _is_crypto_ed25519_supported():
:returns: **True** if ed25519 is supported and **False** otherwise
 """
- from stem.util import log
if not is_crypto_available():
 return False
+ from stem.util import log
 from cryptography.hazmat.backends.openssl.backend import backend
- supported = hasattr(backend, 'ed25519_supported') and backend.ed25519_supported()
- if not supported:
+
+ if hasattr(backend, 'ed25519_supported') and backend.ed25519_supported():
+ return True
+ else:
 log.log_once('stem.prereq._is_crypto_ed25519_supported', log.INFO, ED25519_UNSUPPORTED)
- return supported
+ return False
diff --git a/test/settings.cfg b/test/settings.cfg
index 6bdf9394..944428e2 100644
--- a/test/settings.cfg
+++ b/test/settings.cfg
@@ -172,6 +172,7 @@ pyflakes.ignore stem/prereq.py => 'sqlite3' imported but unused
 pyflakes.ignore stem/prereq.py => 'cryptography.utils.int_to_bytes' imported but unused
 pyflakes.ignore stem/prereq.py => 'cryptography.utils.int_from_bytes' imported but unused
 pyflakes.ignore stem/prereq.py => 'cryptography.hazmat.backends.default_backend' imported but unused
+pyflakes.ignore stem/prereq.py => 'cryptography.hazmat.backends.openssl.backend.backend' imported but unused
 pyflakes.ignore stem/prereq.py => 'cryptography.hazmat.primitives.serialization.load_der_public_key' imported but unused
 pyflakes.ignore stem/prereq.py => 'cryptography.hazmat.primitives.ciphers.modes' imported but unused
 pyflakes.ignore stem/prereq.py => 'cryptography.hazmat.primitives.ciphers.Cipher' imported but unused
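Review bot: The probe `hasattr(backend, 'ed25519_supported') and backend.ed25519_supported()` in `_is_crypto_ed25519_supported()` folds two different conditions into one False result, and nothing in the hunk explains either. A comment above the `if` would help, for example `# backends without ed25519_supported() are treated the same as an OpenSSL build lacking ed25519`. The import of `backend` from `cryptography.hazmat.backends.openssl.backend` also sits outside any try block here. Presumably `is_crypto_available()` already covers that import, but it is outside the hunk, so it is worth confirming that this predicate can only return a bool and never raise, since certificate validation is gated on it. The function's signature and the start of its docstring are above the hunk.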